My PC is connected to my ISP via cable modem. I've been seriously flooded with ARP requests. Here is a little log from tcpdump to show what I mean:
Code:
01:37:23 root@skynet:~# tcpdump -vv -i eth0 host 192.168.192.1
tcpdump: listening on eth0
01:37:26.446680 arp who-has 192.168.195.181 tell 192.168.192.1
01:37:26.459501 arp who-has 192.168.201.74 tell 192.168.192.1
01:37:26.461011 arp who-has 192.168.206.245 tell 192.168.192.1
01:37:26.481737 arp who-has 192.168.205.176 tell 192.168.192.1
01:37:26.529708 arp who-has 192.168.194.235 tell 192.168.192.1
01:37:26.541266 arp who-has 192.168.207.250 tell 192.168.192.1
01:37:26.568725 arp who-has 192.168.202.236 tell 192.168.192.1
01:37:26.573056 arp who-has 192.168.204.230 tell 192.168.192.1
01:37:26.587006 arp who-has 192.168.195.252 tell 192.168.192.1
01:37:26.608921 arp who-has 192.168.200.175 tell 192.168.192.1
01:37:26.653748 arp who-has 192.168.204.141 tell 192.168.192.1
01:37:26.677884
161 packets received by filter
0 packets dropped by kernel
01:37:28 root@skynet:~#
I tried a lot of stuff with iptables to reject or drop this incoming thing. Some of it succeeded, but completely disconnected me from the outer world.
Others didn't do anything. I tried to restrict incoming connections via their mac address (-m mac --mac-address...) and put a reject all rule before these rules but that stopped all incoming conns. If I put the reject all rule after the others that arp flood didn't get stopped at all.
I tried with "-m state --state" and different states - INVALID, NEW, ESTABLISHED and rejected them, but that didn't help. Well, rejecting NEW conns actually DID help, but I don't want to cut off my connection at all
Does someone have a different idea?
Errr.. I forgot to mention. 192.168.192.1 is my gateway
It's kinda stupid to be flooded from its own gateway :/ I can't drop it, because it will f*ck up my net totally. Does anyone have an idea how to cut ONLY these ARP things? Can this weird stuff be provoked from my box? I mean, not the remote PC's fault, but mine?
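
As an added example (not part of the original post), this Python sketch parses the complete `arp who-has` lines from the capture above and reports, per sender, the request rate and the smallest network that covers the requested addresses. The function name `summarize` and the report keys are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Complete "who-has" lines copied from the tcpdump capture in the post above.
CAPTURE = """\
01:37:26.446680 arp who-has 192.168.195.181 tell 192.168.192.1
01:37:26.459501 arp who-has 192.168.201.74 tell 192.168.192.1
01:37:26.461011 arp who-has 192.168.206.245 tell 192.168.192.1
01:37:26.481737 arp who-has 192.168.205.176 tell 192.168.192.1
01:37:26.529708 arp who-has 192.168.194.235 tell 192.168.192.1
01:37:26.541266 arp who-has 192.168.207.250 tell 192.168.192.1
01:37:26.568725 arp who-has 192.168.202.236 tell 192.168.192.1
01:37:26.573056 arp who-has 192.168.204.230 tell 192.168.192.1
01:37:26.587006 arp who-has 192.168.195.252 tell 192.168.192.1
01:37:26.608921 arp who-has 192.168.200.175 tell 192.168.192.1
01:37:26.653748 arp who-has 192.168.204.141 tell 192.168.192.1
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) arp who-has (\S+) tell (\S+)$")

def summarize(capture):
    """Group ARP requests by sender; measure rate and spread of targets."""
    seen = defaultdict(lambda: {"times": [], "targets": set()})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip truncated or non-ARP lines
        h, mi, s, target, sender = m.groups()
        seen[sender]["times"].append(int(h) * 3600 + int(mi) * 60 + float(s))
        seen[sender]["targets"].add(ipaddress.IPv4Address(target))
    report = {}
    for sender, d in seen.items():
        lo, hi = int(min(d["targets"])), int(max(d["targets"]))
        prefix = 32 - (lo ^ hi).bit_length()  # bits shared by lowest and highest target
        span = max(d["times"]) - min(d["times"])
        net = ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)
        report[sender] = {
            "requests": len(d["times"]),
            "distinct_targets": len(d["targets"]),
            "per_second": len(d["times"]) / span if span else float("inf"),
            "covering_net": net,
        }
    return report

if __name__ == "__main__":
    for sender, r in summarize(CAPTURE).items():
        print(sender, r)
```

On the lines shown, every request is for a different address, and the targets fall inside 192.168.192.0/20, the same range that contains the sender 192.168.192.1.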